2.2 Physical Vulnerabilities and Attacks
While cybersecurity often focuses on digital threats, physical security is a critical and foundational layer of an organization's defense. If an adversary can gain physical access to devices or facilities, they can often bypass many technical security controls. Adversaries frequently use social engineering tactics to execute physical attacks.
Common physical attacks include:
- Piggybacking: An adversary manipulates an authorized person into granting them access to a restricted area. This often involves tactics like carrying a large box so that someone holds the door open for them, or pretending to be a new employee who has forgotten their access card.
- Tailgating: Similar to piggybacking, this attack involves an adversary following an authorized individual through a secure entryway without their knowledge. For example, an attacker might slip through a door just before it closes behind a legitimate employee.
- Shoulder Surfing: This involves an adversary observing a user's screen or keyboard to steal sensitive information like passwords, PINs, or confidential data. This can be done by looking over someone's shoulder or by using a hidden camera or binoculars from a distance.
- Dumpster Diving: An adversary goes through an organization's physical trash to find valuable information. Discarded documents can contain sensitive data such as customer lists, network diagrams, or employee information that could be useful in planning a more sophisticated attack.
- Card Cloning: An adversary creates an unauthorized copy of an employee's access card. Using specialized devices, they can skim the data from a legitimate card and duplicate it onto a blank card, which can then be used to gain access to restricted areas.
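Badge-reader logs are one place where tailgating, piggybacking and card cloning leave a trace. The following is an added example, not part of the original text: it runs two common detections over constructed access-control events, anti-passback (a card entering while it is already recorded inside) and impossible travel (one card used at two readers too far apart to reach in the elapsed time). The reader names, distances and travel speed are assumptions.

```python
from datetime import datetime

# Constructed badge-reader events: (timestamp, card_id, reader, direction).
EVENTS = [
    ("2024-05-01T08:00:00", "C1001", "HQ-Lobby", "in"),
    ("2024-05-01T08:03:00", "C1001", "HQ-Lobby", "in"),   # re-entry, never exited
    ("2024-05-01T08:10:00", "C1001", "DC-East", "in"),    # 30 km away, 7 minutes later
    ("2024-05-01T09:00:00", "C2002", "HQ-Lobby", "in"),
    ("2024-05-01T12:00:00", "C2002", "HQ-Lobby", "out"),
    ("2024-05-01T12:30:00", "C2002", "HQ-Lobby", "in"),
]

# Assumed straight-line distance between reader sites, in km.
DISTANCE_KM = {frozenset({"HQ-Lobby", "DC-East"}): 30.0}
MAX_SPEED_KMH = 60.0  # assumed plausible speed for a badge holder moving between sites


def detect_badge_anomalies(events, distance_km=DISTANCE_KM, max_speed_kmh=MAX_SPEED_KMH):
    """Return (card_id, timestamp, reason) tuples for suspicious badge use.

    anti-passback: an 'in' event for a card with no 'out' since its last
    entry. Either the card was cloned, or its owner tailgated/piggybacked
    out earlier without badging.
    impossible travel: consecutive events for one card at readers too far
    apart for the elapsed time, which points to a duplicate card in use.
    """
    alerts = []
    inside = {}      # card_id -> True while the last event was an 'in'
    last_seen = {}   # card_id -> (datetime, reader) of the previous event
    for ts_str, card, reader, direction in sorted(events):  # ISO strings sort chronologically
        ts = datetime.fromisoformat(ts_str)
        if direction == "in" and inside.get(card):
            alerts.append((card, ts_str, "anti-passback: entry without prior exit"))
        inside[card] = (direction == "in")
        if card in last_seen:
            prev_ts, prev_reader = last_seen[card]
            dist = distance_km.get(frozenset({prev_reader, reader}), 0.0)
            hours = (ts - prev_ts).total_seconds() / 3600
            if dist > 0 and dist / max(hours, 1e-9) > max_speed_kmh:
                alerts.append((card, ts_str,
                               f"impossible travel: {dist:.0f} km in {hours * 60:.0f} min"))
        last_seen[card] = (ts, reader)
    return alerts


if __name__ == "__main__":
    for alert in detect_badge_anomalies(EVENTS):
        print(alert)
```

Card C2002 badges in, out and in again and raises nothing; C1001 trips both rules, which is the pattern a cloned card produces while its legitimate holder is still on site.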
These attacks exploit various physical vulnerabilities to cause loss, damage, disruption, or destruction to an organization's assets. Threats can come from human adversaries or natural disasters, both of which can compromise physical infrastructure. Common vulnerabilities include unlocked doors, unmonitored entry points, exposed network ports, and inadequate power protection.
By exploiting these weaknesses, adversaries can achieve several objectives. They can disrupt power to critical devices by unplugging them or accessing electrical panels, making services unavailable. By gaining access to secure areas, they can steal laptops, servers, or other hardware, along with the sensitive data they contain. If they can access a device's physical ports, they can plug in a keylogger to capture keystrokes or a USB drive containing malware to infect the system.
Assessing the risks from these physical vulnerabilities is a crucial step in securing an organization. Because physical access can neutralize many digital defenses, these risks are often considered severe.
- High risks arise when highly sensitive systems or data are located in areas with insufficient access controls. For example, a server containing confidential customer financial data located in an unlocked, unmonitored room represents a high risk.
- Moderate risks exist when a non-critical area is left unprotected in a way that could provide an adversary with an initial foothold. For instance, a computer in a public reception area with exposed USB ports could be used to introduce malware into the internal network.
- Low risks are associated with vulnerabilities that are unlikely to be exploited and would have a minimal impact. An example would be unlocked laptops on desks within a secure, badge-access-only office, where the laptops themselves do not contain sensitive information.